ICMP (Internet Control Message Protocol) is used for diagnostic or control purposes. Network devices send one of the twenty-four ICMP errors to the source IP address of a packet, for example, to let the source device know that it is currently not available or that the desired destination cannot be reached. The Barracuda CloudGen Firewall uses the following terms to describe the IP addresses involved in an ICMP reply:
Forward / Reverse / Target IP Addresses
The forward policy affects ICMP messages that are caused by traffic from the source to the destination.
The reverse policy affects ICMP messages that are caused by traffic from the destination back to the source.
Configure ICMP Handling Policy
ICMP handling policy is configurable per firewall rule:
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
- From the Views menu on the left of the Edit Rule window, select ICMP Handling.
- In the Use Policy dropdown field, select one of the following options:
  - Default Policy – The default policy decides automatically whether to use forward or target address:
    - With NAT – The forward address is used (no internal IP address is visible).
    - Without NAT – The target address is used.
  - NO ICMP AT ALL – Block all ICMP settings.
  - Use Forward Address – The forward address is used for ICMP messages.
  - Use Reverse Address – The reverse address is used for ICMP messages.
  - Use Target Address – The target address is used for ICMP messages.
- Select which replies are blocked in the BLOCKED ICMP Messages section.
- Click Send Changes and Activate.